[Openid-dcp] DCP WG America call agenda

Paul Bastian paul.bastian at posteo.de
Tue Aug 5 20:50:45 UTC 2025 

Hi all,

here are the notes for today's meeting:

# Attendees

- Paul Bastian
- Torsten Lodderstedt
- Kristina Yasuda
- Joseph Heenan
- Gareth Oliver
- Bjorn Helm
- Christian Bormann
- Daniel Fett
- David Waite
- Oliver Terbu
- Hicham Lozi
- Lenah Chacha
- Leonardo Maldonado
- Martijn
- Peter Sorotokin
- Rajvardhan Deshmukh
- Robert (Mastercard)
- Ryan Galluzo
- Andres Olave
- Rene Leveille

# Code of conduct / Antitrust policy / IPR policy

- 
https://openid.net/wp-content/uploads/2025/06/OIDF_Groups-Activities-Events-Note-Well_Final_2025-06-12.pdf

# OpenID4VCI

- voting announcement goes out next Thursday
- final draft (-17) for VCI should be ready by next Tuesday

## OpenID4VCI Issue#595

- there is a mixup attack for the new Interactive Authorization Endpoint
- malicious issuer may link IAE from valid endpoint
- add iss to response from IAE response
- Daniel to propose a PR
- Martjin asks how the iss value is protected/encrypted

## Add statement that clarifies the use of scope and 
authorization_details #596

- adding latest suggestions

## Merge Deferred Endpoint #583

- reviews needed

## Ability to continue after redirect_to_web #589

- enhance existing IAE flow to allow bounce back between collecting data 
in wallet and in the browser multiple times
- current VCI text does not allow this
- Kristina asks for usecases (other than MATTRs)
- added complexity, may be added in 1.1 as IAE was already added late in 
the process

# HAIP

- those labeled "needs-review" are priority for review

## Modified Wording for Key Attestation #217

- new wording is unclear for Martjin , he assumes wallets without 
backend may be excluded
- Gareth with new suggestion
- Paul arguing that wallet backend for HAIP is very realistic with 
today's tech
- Martijn questioning whether wallet backend for key attestation is a 
good idea
- Torsten und Paul point out that it's impossible today with iOS, and 
there are many people that want Remote HSM for key storage
- Gareth asking whether to remove any default
- adding privacy consideration on requirement for wallet backend
- discussion about MUST or SHOULD for support of Annex D key attestation
-> Torsten suggesting SHOULD is enough

## What does high-assurance mean? #231

- more reviews needed

## clarify text around intent_to_retain

- not mandatory in OpenID4VP
- discussion around making it mandatory in HAIP
- Paul points out it's confusing to users because on mdoc information is 
shown that is missing in SD-JWT cases
- difficulties due to EUDIW and mDL having different requirements
- option 1: not make it mandatory, try to fix it in 1.1 for all 
credentials, may result in new discussion with ISO wg
- option 2: keep it mandatory
- Kristina will check previous communication with ISO wg

Best, Paul

On 8/5/25 15:35, Joseph Heenan via 
Openid-specs-digital-credentials-protocols wrote:
> Hi all
>
> Proposed agenda for the usual America friendly call later today - 8pm 
> London / 9pm CET / 3pm Eastern / midday Pacific on the usual zoom, 
> https://zoom.us/j/94085567252?pwd=cHNFMExFalhlM2MrOFhoN3J6eDRuZz09
>
>  1. Code of conduct / Antitrust policy / IPR policy:
>     https://openid.net/wp-content/uploads/2025/06/OIDF_Groups-Activities-Events-Note-Well_Final_2025-06-12.pdf
>  2. Note-taking
>  3. Introductions
>  4. Agenda bashing
>  5. Events
>  6. General updates
>  7. OID4VCI 1.0,:
>      1. Please review some of the editorial PRs:
>         https://github.com/openid/OpenID4VCI/pulls
>      2. We want to publish a new version on/by Tue 12th Aug, prior to
>         vote announcement going out on Thursday 14th & voting starting
>         on 29th Aug
>  8. HAIP PRs
>      1. https://github.com/openid/OpenID4VC-HAIP/pulls
>      2. In particular we have a number that are ready to go and just
>         need one or two more reviews:
>         https://github.com/openid/OpenID4VC-HAIP/pulls?q=is%3Apr+is%3Aopen+label%3Aneeds-reviews
>  9. HAIP open issues for 1.0:
>      1. https://github.com/openid/OpenID4VC-HAIP/issues?q=is%3Aissue%20state%3Aopen%20-label%3Aafter-wglc%20-label%3Ahas-PR%20-label%3Aready-for-PR%20milestone%3A%221.0%20Final%22
>
>
> If anyone has any specific topics they’d like to cover please reply to 
> this email or ask at the start of the call.
>
> Thanks
>
> Joseph
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20250805/7d9d0857/attachment.htm>

More information about the Openid-specs-digital-credentials-protocols mailing list